Skill v1.0.0
ClawScan security
Cedh Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 15, 2026, 11:43 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions mostly match a cEDH advice tool, but they reference local files and executable scripts on the user's drive (E:\Base\...) and an offline DB without declaring any required paths or permissions; that mismatch is concerning.
- Guidance: This skill looks like a reasonable cEDH advising checklist, but it explicitly points to local files and Python scripts on E:\ (and an offline DB) while declaring no file-access requirements. Before installing or enabling it: (1) ask the author whether those E:\ paths are required and what the scripts do; (2) do not grant the agent blanket access to your filesystem; prefer a sandboxed environment, or remove or replace the references to local resources; (3) if you want to use local data, inspect the referenced scripts and DB content manually before letting the agent touch them; (4) verify the banlist claims against an official source (the banned-card list in SKILL.md may be out of date or incorrect). If the author cannot justify or remove the local-file expectations, treat the skill as untrusted.
- Findings:
[NO_CODE_FILES] expected: The static scanner found no code files because this is an instruction-only skill; however, the SKILL.md references local scripts and databases that the scanner could not analyze.
Review Dimensions
- Purpose & Capability
- note: The name/description (cEDH live advice: banlist, tutor targets, mana math, combo lines) aligns with the SKILL.md content. However, the SKILL.md lists local reference resources (E:\Base\mtg_cedh_pro\*.py, E:\Base\mtg_cedh_pro\mtg_offline.db) and a 'Knowledge Graph' entity that imply access to local data and executable scripts, none of which is declared in the skill metadata (no required config paths, no install). That is inconsistent with a purely instruction-only advisory skill.
- Instruction Scope
- concern: The runtime instructions describe clear, bounded behavior for live advice (ask for hand/board, count mana, give a one-sentence recommendation). But the 'REFERENZ-MATERIAL' (reference material) section explicitly references local filesystem paths and Python scripts/DB files, which would require the agent to read or execute local files. The skill neither declares nor justifies needing file I/O or code execution; the instructions also tell the agent to perform web searches for ban updates. Directives to use or execute local scripts or databases without declaring that access are scope creep and a data-exposure and code-execution risk.
- Install Mechanism
- ok: There is no install spec and no code files. That keeps the runtime footprint minimal: the skill is instruction-only, so nothing is written to disk by an install step.
- Credentials
- concern: The skill declares no environment variables or config paths but references specific local files, scripts, and an offline DB. Access to a user's E:\ drive, or the ability to run local Python scripts, would be disproportionate for a simple advice skill unless the user explicitly provides and permits those resources. The SKILL.md also names a 'Knowledge Graph' entity without explaining its source.
- Persistence & Privilege
- note: The always flag is false (good). The SKILL.md asks maintainers to update the document on ban changes, which is a normal maintenance instruction. There is no instruction that the skill should forcibly persist itself or alter other skills or configs. Autonomous invocation is allowed by platform default and is not by itself a problem here.
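The core finding above (an instruction-only skill whose SKILL.md points at local scripts and a database that its metadata never declares) is a pattern you can check for mechanically before installing a skill. The following is an added example, not ClawHub's scanner or the skill author's code. It assumes a SKILL.md with an optional front matter block whose config_paths list (a hypothetical field name chosen for this example; the real metadata schema is not shown on this page) declares the filesystem locations the skill is allowed to use, and it flags every absolute Windows, POSIX or ~/ path in the body that is not covered by a declared entry, classifying script and database references as the ones that warrant a "suspicious" verdict. The sample SKILL.md is constructed for the example and reuses the paths named in the report; it is not the real skill file.

```python
"""Flag undeclared local-resource references in an instruction-only skill.

Added example, not ClawHub's scanner code. Assumes a SKILL.md with an optional
front matter block declaring allowed locations under a hypothetical
`config_paths:` list; everything else here is generic text scanning.
"""
import re
from dataclasses import dataclass

# Absolute Windows paths (E:\...), absolute POSIX paths with at least one
# directory segment (/opt/x/y), and home-relative paths (~/x). The lookbehind
# on the POSIX branch keeps URL slashes (https://host/a/b) from matching.
PATH_RE = re.compile(
    r"(?:[A-Za-z]:\\[^\s'\"`,)\]]+"
    r"|(?<![\w./])/(?:[\w.-]+/)+[\w.*-]+"
    r"|~/[^\s'\"`,)\]]+)"
)
# Extensions that imply code execution or a data store rather than plain prose.
EXEC_EXT = (".py", ".sh", ".ps1", ".bat", ".exe", ".js")
DATA_EXT = (".db", ".sqlite", ".sqlite3")

# Constructed sample, modelled on the report above; not the real SKILL.md.
SAMPLE_SKILL_MD = """---
name: cedh-advisor
always: false
config_paths:
  - E:\\Base\\mtg_cedh_pro\\banlist.json
---
# cEDH Advisor
Ask for hand and board, count mana, give a one-sentence recommendation.
## REFERENZ-MATERIAL
- Helper scripts: E:\\Base\\mtg_cedh_pro\\*.py
- Offline card database: E:\\Base\\mtg_cedh_pro\\mtg_offline.db
- Banlist cache: E:\\Base\\mtg_cedh_pro\\banlist.json
- Linux users: /opt/mtg/tools/tutor.sh
"""


@dataclass
class Finding:
    line: int   # 1-based line number in the full SKILL.md
    ref: str    # the path as written
    kind: str   # "script", "database" or "path"


def declared_paths(text: str) -> set[str]:
    """Collect entries of the hypothetical `config_paths:` list in front matter."""
    m = re.match(r"---\n(.*?)\n---", text, re.S)
    if not m:
        return set()
    paths, in_list = set(), False
    for line in m.group(1).splitlines():
        stripped = line.strip()
        if stripped.startswith("config_paths:"):
            in_list = True
        elif in_list and stripped.startswith("- "):
            paths.add(stripped[2:].strip().strip("'\""))
        elif in_list and stripped:
            in_list = False  # next top-level key ends the list
    return paths


def classify(ref: str) -> str:
    low = ref.lower()
    if low.endswith(EXEC_EXT):
        return "script"
    if low.endswith(DATA_EXT):
        return "database"
    return "path"


def undeclared_references(skill_md: str) -> list[Finding]:
    """Return body path references not covered by a declared path or directory."""
    declared = {d.lower().rstrip("\\/") for d in declared_paths(skill_md)}
    body = re.sub(r"^---\n.*?\n---\n", "", skill_md, count=1, flags=re.S)
    offset = skill_md.count("\n") - body.count("\n")  # lines used by front matter
    findings = []
    for lineno, line in enumerate(body.splitlines(), start=offset + 1):
        for ref in PATH_RE.findall(line):
            ref = ref.rstrip(".,;:")  # drop sentence punctuation glued to the path
            if any(ref.lower().startswith(d) for d in declared):
                continue
            findings.append(Finding(lineno, ref, classify(ref)))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Scripts or databases the metadata never declared make the skill suspicious."""
    kinds = {f.kind for f in findings}
    if kinds & {"script", "database"}:
        return "suspicious"
    return "note" if findings else "ok"


if __name__ == "__main__":
    found = undeclared_references(SAMPLE_SKILL_MD)
    for f in found:
        print(f"line {f.line}: undeclared {f.kind} reference {f.ref}")
    print("verdict:", verdict(found))
```

On the constructed sample the declared banlist.json line passes while the *.py glob, the offline .db and the POSIX shell script are reported, which is the same mismatch the scanner describes: the check is cheap to run on any skill bundle before it is granted filesystem access, and declaring a directory (for example E:\Base\mtg_cedh_pro\) in the metadata whitelists everything beneath it.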
